Skip to main content
CVE-2017-14016 MEDIUM POC THREAT This Month

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Buffer Overflow RCE Stack Overflow Webaccess
NVD Exploit-DB
CVSS 3.0
6.3
EPSS
19.2%
CVE-2017-16636 MEDIUM POC This Month

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-16564 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ht802 Firmware
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-14025 MEDIUM This Month

An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Fox515T Firmware
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-13680 MEDIUM This Month

Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Endpoint Protection
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15306 MEDIUM PATCH This Month

The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-14023 MEDIUM This Month

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Siemens Simatic Pcs7 Simatic Wincc
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2017-16635 MEDIUM This Month

In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tinywebgallery
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2015-7878 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Taxonomy Find
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-15039 MEDIUM This Month

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.2%
CVE-2017-16569 MEDIUM This Month

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect PHP Zurmo Crm
NVD
CVSS 3.0
4.8
EPSS
0.1%
CVE-2017-16637 MEDIUM This Month

In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vpn Manager
NVD
CVSS 3.0
4.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy